ASA - Policy NAT

Unanswered Question

Hello all,

I am trying to find out if it is possible to do the following:

I have a server in the DMZ: 172.17.1.100/24 and a server in the inside: 172.20.1.200/24. Both will have the same NAT IP address outside: 1.1.1.200. This can be done using policy NAT (I think; I have not done it yet).

Let's say the above policy NAT is implemented; the real questions here are:

1. If outside users connect to 1.1.1.200, then which server will the outside users connect to?

2. Is it possible for an outside user to connect to 1.1.1.200 and have this redirect to the DMZ server 172.17.1.100 instead of the inside server 172.20.1.200?

This is still in planning mode so no actual configuration has been done.

Thank you.

Nagaraja Thanthry Wed, 09/15/2010 - 13:47

Hello,

Unfortunately, you cannot do policy NAT for multiple inside IPs and one public IP. You do need to find a way to differentiate the traffic on the outside interface. You can use different ports for different servers. But you cannot have both devices advertise their services using the same public IP and same port.

Regards,

NT
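
The port-based split suggested in the answer above, as an added example that is not part of the original thread: static PAT in pre-8.3 ASA syntax, publishing both servers behind 1.1.1.200 on different outside ports. The interface names (`dmz`, `inside`, `outside`), the ACL name `outside_in`, and the choice of TCP 80 and 8080 are assumptions.

```cisco
! Added example, not from the original thread.
! Assumptions: nameif values dmz / inside / outside, ACL name outside_in,
! a web service on TCP 80 on both servers, ASA software 8.2 or earlier
! (8.3 and later use object NAT and reference the real IP in ACLs).

! Outside TCP 80 on 1.1.1.200 -> DMZ server 172.17.1.100:80
static (dmz,outside) tcp 1.1.1.200 80 172.17.1.100 80 netmask 255.255.255.255

! Outside TCP 8080 on 1.1.1.200 -> inside server 172.20.1.200:80
! The mapped port must differ from the DMZ entry: the pair
! (1.1.1.200, tcp/80) can identify only one real host.
static (inside,outside) tcp 1.1.1.200 8080 172.20.1.200 80 netmask 255.255.255.255

! Pre-8.3 ACLs match the mapped (public) address and mapped port.
! Permit only the two published ports; all other traffic to 1.1.1.200
! is dropped by the implicit deny at the end of the ACL.
access-list outside_in extended permit tcp any host 1.1.1.200 eq 80
access-list outside_in extended permit tcp any host 1.1.1.200 eq 8080
access-group outside_in in interface outside
```

Publishing the inside server directly to the internet bypasses the DMZ tier, so keep the outside ACL limited to the exact ports that are translated.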
